Randomness 101: LavaRand in Production
November 06, 2017 5:54 AM
As some of you may know, there's a wall of lava lamps in the lobby of our San Francisco office that we use for cryptography. In this post, we’re going to explore how that works. ...
Performing & Preventing SSL Stripping: A Plain-English Primer
October 20, 2017 4:23 PM
Over the past few days we learnt about a new attack that posed a serious weakness in the encryption protocol used to secure all modern Wi-Fi networks....
A Fast, Secure Migration to Google Cloud Platform using Cloudflare
October 06, 2017 2:00 PM
OnAir Video Presentation Abstract Looking to host your website, application, or API in the cloud, or migrate to a new cloud provider while keeping your data secure? In this webinar, Trey Guinn, Head of Solutions Engineering at Cloudflare, will discuss how companies should approach security, during and after migration. We'll highlight the migration story of LUSH, one of the largest global e-Commerce cosmetic retailers, and how they took the right steps to migrate from their previous cloud p...
A New Cybersecurity Strategy for Europe
October 01, 2017 10:00 AM
October is European Cybersecurity Month, an annual advocacy campaign to raise awareness of cyber risks among citizens and businesses, and to share best practices in cybersecurity....
Geo Key Manager: How It Works
September 26, 2017 1:00 PM
Today we announced Geo Key Manager, a feature that gives customers control over where their private keys are stored with Cloudflare. This builds on a previous Cloudflare innovation called Keyless SSL and a novel cryptographic access control mechanism....
MORE POSTS
September 25, 2017 1:00 PM
No Scrubs: The Architecture That Made Unmetered Mitigation Possible
When building a DDoS mitigation service it’s incredibly tempting to think that the solution is scrubbing centers or scrubbing servers. I, too, thought that was a good idea in the beginning, but experience has shown that there are serious pitfalls to this approach....
- By
September 25, 2017 1:00 PM
Meet Gatebot - a bot that allows us to sleep
In the past, we’ve spoken about how Cloudflare is architected to sustain the largest DDoS attacks. During traffic surges we spread the traffic across a very large number of edge servers. ...
- By
September 25, 2017 1:00 PM
Unmetered Mitigation: DDoS Protection Without Limits
This is the week of Cloudflare's seventh birthday. It's become a tradition for us to announce a series of products each day of this week and bring major new benefits to our customers. We're beginning with one I'm especially proud of: Unmetered Mitigation....
- By
September 14, 2017 6:25 PM
Disruptive Cryptography: Post-Quantum & Machine Learning With Encrypted Data
Shay Gueron, Associate Professor of Mathematics, University of Haifa, Israel, and Raluca Ada Popa, Assistant Professor of Computer Science, UC Berkeley ...
- By
September 14, 2017 5:08 PM
The View from Washington: The State of Cybersecurity
Avril Haines, Former Deputy National Security Advisor, Obama Administration...
- By
September 12, 2017 4:29 PM
Understanding the prevalence of web traffic interception
This post summarizes how prevalent encrypted web traffic interception is and how it negatively affects online security according to a study published at NDSS 2017 authored by several researchers including the author of this post and Nick Sullivan of Cloudflare. ...
- By
September 01, 2017 8:48 PM
SIDH in Go for quantum-resistant TLS 1.3
Most of today's cryptography is designed to be secure against an adversary with enormous amounts of computational power. This means estimating how much work certain computations require, and choosing cryptographic parameters based on our best estimates....
- By
August 28, 2017 2:00 PM
The WireX Botnet: How Industry Collaboration Disrupted a DDoS Attack
On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. ...
- By
July 21, 2017 8:01 AM
How to use Cloudflare for Service Discovery
Cloudflare runs 3,588 containers, making up 1,264 apps and services that all need to be able to find and discover each other in order to communicate -- a problem solved with service discovery....
- By
July 18, 2017 6:39 PM
Ninth Circuit Rules on National Security Letter Gag Orders
As we’ve previously discussed on this blog, Cloudflare has been challenging for years the constitutionality of the FBI’s use of national security letters (NSLs) to demand user data on a confidential basis....
- By
July 10, 2017 12:43 PM
High-reliability OCSP stapling and why it matters
At Cloudflare our focus is making the internet faster and more secure. Today we are announcing a new enhancement to our HTTPS service: High-Reliability OCSP stapling....
- By
July 06, 2017 1:35 PM
How to make your site HTTPS-only
The Internet is getting more secure every day as people enable HTTPS, the secure version of HTTP, on their sites and services....
- By
July 04, 2017 10:32 AM
Three little tools: mmsum, mmwatch, mmhistogram
In a recent blog post, my colleague Marek talked about some SSDP-based DDoS activity we'd been seeing recently. In that blog post he used a tool called mmhistogram to output an ASCII histogram....
- By
July 03, 2017 4:21 PM
A container identity bootstrapping tool
Everybody has secrets. Software developers have many. Often these secrets—API tokens, TLS private keys, database passwords, SSH keys, and other sensitive data—are needed to make a service run properly and interact securely with other services. ...
- By